Bank API 🏦

The Bank API is a design reference project suitable to bootstrap development for a compliant and modern API.

Technology stack

• ASP.NET Core 9.0 - Minimal API for API development, with following base services:

  • Resilience for resilience when calling downstream APIs

  • Compliance for redacting sensitive data

  • Health checks for checking health status

  • Service Discovery for resolving endpoints from config

  • Hybrid Cache for caching

  • Rate limiting for rate limiting

  • API Key, JWT bearer and OpenID Connection-based authentication for security

  • OpenApi for generating OpenAPI specifications

• OpenTelemetry (OTel) for observability

• .NET Aspire for development bootstrapping and client integrations

• Kiota API client generation for calling downstream APIs

• Gridify for filtering, ordering and paging

• Scalar for interactive API documentation

• Spectral for linting

• OpenApiAnyFactory from Swashbuckle.AspNetCore for parsing JSON to IOpenApiAny types

• TUnit for unit tests

• REST Client extension in Visual Studio Code for quick local tests via .http files

Prerequisites

If not using the Dev Container, install:

• .NET 9 SDK

• All recommended Visual Studio Code extensions

Quick start

• (Optionally) regenerate the GitHub downstream API client by going to the Kiota workspace and clicking Re-generate under clients.

• Generate a new JWT-token for secured endpoints:

  dotnet user-jwts create --scope "bank_api" --role "banker"

• Run dotnet build to output the OpenAPI definition

• Validate the OpenAPI definition by going to the generated.json definition and check for problems via the Spectral extension.

Run in Aspire minimal mode

This mode just runs the ASP.NET Core API.

1. Start the standalone Aspire Dashboard for developer visualization:

   docker run --rm -it `
   -p 18888:18888 `
   -p 4317:18889 `
   --name aspire-dashboard `
   mcr.microsoft.com/dotnet/aspire-dashboard:latest

   Copy the url shown in the resulting output when running the container, and replace 0.0.0.0 with localhost, eg http://localhost:18888/login?t=123456780abcdef123456780 and open that in your browser, or you can also paste the key after /login?t= when the login dialog is shown. The token will change each time you start the container.

2. Run the launch config C#: Api Debug (with standalone Aspire).

Run in Aspire mode

This mode starts the API in the context of .NET Aspire.

1. Make sure the docker runtime is started.

2. Run the launch config C#: App Host Debug (via Aspire).

Considerations

1. OpenID Connect isn't fully supported in Scalar.

2. Running tests works in VSCode. However, debugging tests doesn't work with TUnit in VSCode yet.

3. To extend OpenTelemetry logging to Application Insights, expand the OpenTelemetry exporter.

4. The Aspire dashboard doesn't start the first time inside the Dev Container, open a new tab and paste the same URL, then it works.

5. The compliance NullRedactor doesn't seem to work, the redactor is already defined at Builder.Compliance.cs but not used because of the issue.

6. Dev Containers with the docker-outside-of-docker feature instead of docker-in-docker do not work, for now we're using docker-in-docker.

Please see the Reddit r/dotnet post about this project for more considerations and information.

Troubleshooting

• If debugging isn't working properly inside a Dev Container, please clear the Extension Host Cache at %AppData%\Code\CachedData (on Windows) and restart VS Code.

License

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.